Fake MAS Windows Activation Domain Used To Spread PowerShell Malware

An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.
Based on the reports, attackers have set up a look-alike domain, "get[dot]activate[dot]win," which clos